Forum Discussion
David_123856
Nimbostratus
NimbostratusKerberos Authentication from Multiple Forests
I've set up an F5 APM device with some Kerberos auth using the steps here - http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-aaa-auth-config-11-3-0/3.html and it is working for ...
David_123856Nimbostratus
NimbostratusSetting up a service account in each Forest and building multiple keytabs that are then combined turned out to be the best working solution here. Thanks for the feedback guys
FI_2016_187929Nimbostratus
NimbostratusI am having a similar issue. We have two separate domains (two way trust) and trying to get both of them to authenticate to the F5 using client end user Kerberos. The F5 is in Domain1 and any user from Domain1 or a domain in the same forest as Domain1 can authenticate successfully. When a user from Domain2 attempts to authenticate, they get prompted for by Windows Credentials prompt and are denied access. We took a Wireshark capture and it showed KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (7) Realm: Domain2.com. I added Domain2.com in the krb5.conf file and same result.
Is it possible to get this working without a combined keytab file?